Hi, Both RIPE and their CDN seem to use DNSSEC. Indeed, the CDN utilizes LE as the issuing CA. The LE does publish the list of issued certificates as part of Certificate Transparency, as far as I know the list is public and can be consumed by anyone. Is there some specific concern you're thinking of? Kaj Sent from my iPad ________________________________ From: Andrey Korolyov <andrey@xdel.ru> Sent: Tuesday, April 16, 2024 10:12 PM To: Kaj Niemi <kajtzu@basen.net> Cc: Petru Bunea <suport@bunea.eu>; Daniel Pearson <daniel@privatesystems.net>; members-discuss@ripe.net <members-discuss@ripe.net> Subject: Re: [members-discuss] Charging scheme 2025 proposal (logarithmic) You don't often get email from andrey@xdel.ru. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> RIPE, revenue 38M EUR (40M USD), members 20k = 2 k/member ARIN, revenue 25M USD, members 25k = 1 k/member APNIC, revenue 33M AUD (21M USD), members 10k = 2 k/member LACNIC, revenue 10M USD, members 12k = 0.8 k/member AFRINIC, revenue 6M USD, members 2k = 3 k/member Thanks for the numbers Kaj. BTW I wonder how it was possible for two of five organisations listed, including RIPE, to not allocate the funds for a purchase of a regular SSL certificate for their resources, using instead free-tier CA (and RIPE uses the worst one in terms of hijack-ability, Let's Encrypt).